CCNA 3 v7 Network Security Exam with all Correct &
100% Verified Answers| Guaranteed to Pass
What type of malware has the primary objective of spreading across the network? ✔Correct
Answer-worm
What is a ping sweep? ✔Correct Answer-a network scanning technique that indicates the live hosts
in a range of IP addresses.
Which requirement of secure communications is ensured by the implementation of MD5 or SHA
hash generating algorithms? ✔Correct Answer-integrity
If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it? ✔Correct
Answer-a private key
Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)
✔Correct Answer-destination UDP port number
ICMP message type
What type of ACL offers greater flexibility and control over network access? ✔Correct Answer-
extended
What is the quickest way to remove a single ACE from a named ACL? ✔Correct Answer-Use the no
keyword and the sequence number of the ACE to be removed.
A network administrator needs to configure a standard ACL so that only the workstation of the
administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router.
Which two configuration commands can achieve the task? (Choose two.) ✔Correct Answer-
Router1(config)# access-list 10 permit host 192.168.15.23
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16
network, but permit all other traffic. Which two commands should be used? (Choose two.)
✔Correct Answer-Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
Router(config)# access-list 95 permit any
Consider the following access list.
access-list 100 permit ip host 192.168.10.1 anyaccess-list 100 deny icmp 192.168.10.0 0.0.0.255 any
echoaccess-list 100 permit ip any any
Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that
has the IP address 192.168.10.254 assigned? (Choose two.) ✔Correct Answer-Devices on the
192.168.10.0/24 network can sucessfully ping devices on the 192.168.11.0 network.
A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this
access list assigned.
In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP
connections? ✔Correct Answer-SYN flood attack
100% Verified Answers| Guaranteed to Pass
What type of malware has the primary objective of spreading across the network? ✔Correct
Answer-worm
What is a ping sweep? ✔Correct Answer-a network scanning technique that indicates the live hosts
in a range of IP addresses.
Which requirement of secure communications is ensured by the implementation of MD5 or SHA
hash generating algorithms? ✔Correct Answer-integrity
If an asymmetric algorithm uses a public key to encrypt data, what is used to decrypt it? ✔Correct
Answer-a private key
Which two packet filters could a network administrator use on an IPv4 extended ACL? (Choose two.)
✔Correct Answer-destination UDP port number
ICMP message type
What type of ACL offers greater flexibility and control over network access? ✔Correct Answer-
extended
What is the quickest way to remove a single ACE from a named ACL? ✔Correct Answer-Use the no
keyword and the sequence number of the ACE to be removed.
A network administrator needs to configure a standard ACL so that only the workstation of the
administrator with the IP address 192.168.15.23 can access the virtual terminal of the main router.
Which two configuration commands can achieve the task? (Choose two.) ✔Correct Answer-
Router1(config)# access-list 10 permit host 192.168.15.23
Router1(config)# access-list 10 permit 192.168.15.23 0.0.0.0
A network administrator is writing a standard ACL that will deny any traffic from the 172.16.0.0/16
network, but permit all other traffic. Which two commands should be used? (Choose two.)
✔Correct Answer-Router(config)# access-list 95 deny 172.16.0.0 0.0.255.255
Router(config)# access-list 95 permit any
Consider the following access list.
access-list 100 permit ip host 192.168.10.1 anyaccess-list 100 deny icmp 192.168.10.0 0.0.0.255 any
echoaccess-list 100 permit ip any any
Which two actions are taken if the access list is placed inbound on a router Gigabit Ethernet port that
has the IP address 192.168.10.254 assigned? (Choose two.) ✔Correct Answer-Devices on the
192.168.10.0/24 network can sucessfully ping devices on the 192.168.11.0 network.
A Telnet or SSH session is allowed from any device on the 192.168.10.0 into the router with this
access list assigned.
In which TCP attack is the cybercriminal attempting to overwhelm a target host with half-open TCP
connections? ✔Correct Answer-SYN flood attack
